Data Processing Agreement (DPA)
This agreement governs the processing of personal data that Salvus carries out on behalf of the customer, under Article 28 of the GDPR. It forms part of the Terms & Conditions.
Last updated: 1 June 2026
1. Parties and roles
The customer is the data controller and Salvus is the processor. Salvus processes personal data only on documented instructions from the customer, unless required otherwise by law.
2. Subject matter and duration
The processing concerns the provision of the Occupational Health & Safety platform and lasts for the duration of the subscription, including the retention period and the return or deletion of data.
3. Nature of the data
The data processed relates to workers covered by the customer's services, including identification data, role, training and health data on fitness for work (special category).
4. Salvus's obligations
Salvus ensures confidentiality, applies appropriate technical and organisational measures, assists the customer in meeting its obligations and provides information to demonstrate compliance.
5. Sub-processors
Salvus engages the following sub-processors, each subject to data protection obligations equivalent to this agreement: (a) Supabase Inc. (EU region) — database hosting and authentication; (b) Resend Inc. (EU SCC) — transactional email, used for scheduled SST compliance reports that may contain worker fitness status and exam schedule data; (c) Vercel Inc. (EU SCC) — application hosting. When AI features are enabled (SALVUS_AI_MOCK=0), structural context data (no individual health records) may be sent to Anthropic or OpenAI under Standard Contractual Clauses. The customer is notified of material changes and may object on legitimate grounds.
6. International transfers
Data is stored and processed within the European Union (Supabase EU region). Sub-processors outside the EU (Vercel, Resend, AI providers when enabled) operate under Standard Contractual Clauses pursuant to GDPR Article 46(2)(c). Health data (special category) is never transferred to AI providers.
7. Data breaches
Salvus notifies the customer without undue delay after becoming aware of a personal data breach, providing the information needed for the customer to meet its notification duties.
8. Return and deletion
On termination of the contract, and at the customer's choice, Salvus returns or deletes the personal data, unless legally required to retain it.
9. Audit
Salvus makes available the information reasonably necessary to demonstrate compliance with this agreement and allows for audits as agreed between the parties.
10. Medical certification boundary
Salvus is an occupational health and safety management platform, not a medical device or healthcare provider. The platform stores and organises data produced by licensed professionals (occupational physicians, certified SST technicians) operating under Lei n.º 102/2009 and the Ordem dos Médicos. Fitness verdicts, clinical card entries and aptitude certificates must be issued exclusively by qualified professionals. The platform does not autonomously generate medical diagnoses or fitness determinations. AI-assisted features (risk autofill, report drafting, deadline triage) operate on structural SST data only and do not constitute medical advice. Customers are solely responsible for ensuring their professionals hold the required certifications under Portuguese law.